What is Doxing and How it is Done?

In the modern world, Internet has become a wonderful place to gain knowledge, exchange ideas, share information, make new friends and whatnot. Even though, you can do all of this by remaining anonymous behind your monitor, your real life identity and personal details can still be at the risk of falling into the hands of strangers. This is where the term “doxing” comes into play!

What is Doxing?

Doxing simply refers to the process of gathering or deducing other people’s information such as name, age, email, address, telephone number, photographs etc. using publicly available sources such as the Internet. In other words, doxing is the act of using the Internet to search for personal details about a person.

Doxing is done by initially taking a piece of information (such as “name” or “email address”) and keeping it as a base to find out other possible details about the person. The term “doxing” is derived from the word “document tracing” which means to retrieve documents about a particular person or company in order to learn more about them.

Doxing Techniques:

Today, Internet has grown to such a size that it contains almost any information that you’ve ever imagined! All you’ve to do is use the right techniques to search for what you want. Here is a list of doxing techniques that are most commonly used by Internet geeks and ethical hackers:

Using Google:

Google is undoubtedly a powerful tool that plays a key role in doxing. Since Google indexes almost anything on the Internet (sometimes even the private information), it is possible to dox for details such as email ID, address, phone numbers and photographs of a person or company. Once you obtain the search results for your query, carefully examine the description part which in most cases contain the piece of information that you are looking for.

Social Networking Websites:

As most Internet users are found to be active on social media, social networking sites such as Facebook and LinkedIn provide a virtual goldmine of information necessary to perform doxing. As most users are unaware of online security issues, they have weak privacy settings on their profile. This makes it easy for the attackers to gain access to personal information such as photographs, real names, location, job, partner’s name etc.

Reverse Cell Phone LookUp:

A “Reverse Cell Phone Lookup” is simply a process of finding someone’s personal details such as name, age, address and related information by using their cell phone number and vice versa. There are many online services out there such as cell phone registry that provide access to the personal details about a given person based on his/her phone, name and email ID.

Whois Searches:

If a person or company has a website (or domain name) associated with them, you can easily perform a “whois search” for their website to obtain personal details such as full name, address, email and phone number. Just visit whois.domaintools.com and enter the domain name for which you want to perform a whois search. It will show up all the details associated with the domain name.

Why Would Anyone Want to Perform Doxing?

Most people perform doxing out of general curiosity about a person or company. However, there are some wicked minds out there who do this for the purpose of blackmailing or taking revenge by exposing the information that they have gathered about the person.

What are the Consequences of Doxing?

It can be slightly irritating and embarrassing when private data fall in the hands of people who are not intended to have access to such information. However, things can go even worse if the doxed information such as a person’s social activities, medical history, sexual preference and other vital bits of information is made public. This can have a serious threat to health, livelihood or relationship of the victim.

Steps to Protect Yourself from Doxing:

The following are some of the most commonly targeted pieces of information that can be easily obtained through doxing:

Full name

Age, gender and date of birth

Location and place of birth

Email addresses and username

Phone number

Social networking profiles, websites and blogs

So, it is always a good practice to keep the above bits of information hidden. Even though it is not possible to do this in all cases, you can still take care to protect as much information as you can from going public. You can consider the following additional tips for further protection:

Do not upload personal photographs on web albums such as “Picasa”. Even if you do, make sure that your album is hidden from public and search engines.

If you do not intend to show up your profile on search engines, it is a wise choice to make all the Internet profiles private.

Maximize the privacy settings of your social network profiles. Make sure that your individual albums and photographs have their privacy settings configured.

Do not use the same email address for all you accounts. Instead, create separate email IDs for individual activities such as gaming, forum participation, banking accounts etc.

Is Doxing a Crime?

Doxing is definitely not a crime when used within the ethical standards and no harm is being caused to anyone. However, if doxing is done to cause intentional damage such as harassment, blackmailing or taking revenge it might well be considered an offence.

The question “how to hack a computer” is probably the one that is most frequently asked ...

9 Comments

M. Kameswara Rao from Tirupati

March 22, 2013 at 5:06 PM

Dear Srikanth, you are doing great job & are taking pains to create awareness and dessiminate information on IT security topics. Yours is a clear and lucid style. Even elderly Govt employees like me who are eager to know can learn a lot. Thank you.